package com.tang.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.ui.Model;

/**
 * @Author Tom
 * @ClassName LoginConfig
 * @Date 2022/2/27 13:10
 */
@Configuration
public class LoginConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private SecurityConfig securityConfig;

    @Autowired
    private PersistentTokenRepository persistentTokenRepository;
 @Override
 protected void configure(HttpSecurity http) throws Exception {
  http.formLogin().loginProcessingUrl("/index") //当发现/index 时认为是登录，需 要执行 UserDetailsServiceImpl
          .successForwardUrl("/index") //登录成功后，跳转到指定请求（此处是 post 请求）
          .loginPage("/login.html");
    http.exceptionHandling().accessDeniedPage("/errno");
//退出注销
http.logout().logoutUrl("/logout")
        .logoutSuccessUrl("/login.html");
  // url 拦截
  http.authorizeRequests()
          .antMatchers("/login.html","/css/**","/img/**","/js/**","/userSystem/code").permitAll() //login.html 不需要被认证
//          .antMatchers("/normal").hasRole("normal")
          .anyRequest().authenticated();//所有的请求都必须被认证。必须登录 后才能访问。
//记住我
//     http.rememberMe().userDetailsService(securityConfig)
//             .tokenRepository(persistentTokenRepository)
//             .rememberMeParameter("rm")
//             .tokenValiditySeconds(60);
  // 关闭 csrf 防护
  http.csrf().disable();
 }

 }

    